Hi, until I made an upgrade from 1.15.1 (applied the 15.2,3 and 4 patches) I was happily editing my wiki pages with gnu emacs via ee.pl and a bookmarklet that goes: javascript:location=location+'?action=edit&externaledit=true';
(http://www.mediawiki.org/wiki/Manual:External_editors)
Now, external editing is broken I and I suspect that this is related to (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to be submitted along with the user name and password. Patch by Roan Kattouw.
Any ideas on what I could/should do to get TRUE external editing back ? I don't mind installing stuff. I am not much of a programmer/sysadmin, but I can read :)
I don't want to use something like "It's all text" since it's not practical to edit several wiki pages at the same time and having to keep several browser tabs open just for saving. (I do this at home on a windows box and it's a pain).
- thanx for any help / insight ! - Daniel
PS: Of course I am not sure about the cause, but in my case identification of the problem (upgrading) is really simple. I got two wikis on the same machine: The 1.15.4 one (http://edutechwiki.unige.ch/en/) is broken and the 1.15.1 one (http://edutechwiki.unige.ch/fr/) works just fine.
Daniel K. Schneider wrote:
Hi, until I made an upgrade from 1.15.1 (applied the 15.2,3 and 4 patches) I was happily editing my wiki pages with gnu emacs via ee.pl and a bookmarklet that goes: javascript:location=location+'?action=edit&externaledit=true';
(http://www.mediawiki.org/wiki/Manual:External_editors)
Now, external editing is broken I and I suspect that this is related to (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to be submitted along with the user name and password. Patch by Roan Kattouw.
Any ideas on what I could/should do to get TRUE external editing back ? I don't mind installing stuff. I am not much of a programmer/sysadmin, but I can read :)
You are right. Where it is doing: $response=$browser->post($login_url,@ns_headers, Content=>[wpName=>$username,wpPassword=>$password,wpRemember=>"1",wpLoginAttempt=>"Log in"]); it should be fetching a login token, and then using it to send the password.
I also see many outdated methods, like the fake user agent or extracting items from the page source instead of using the api (which didn't exist when it was created).
Is anyone proficient in Perl here?
I filed bugs 23764 and 23765 to keep track of it.
On 06/03/2010 12:23 AM, Platonides wrote:
Daniel K. Schneider wrote:
Hi, until I made an upgrade from 1.15.1 (applied the 15.2,3 and 4 patches) I was happily editing my wiki pages with gnu emacs via ee.pl and a bookmarklet that goes: javascript:location=location+'?action=edit&externaledit=true';
(http://www.mediawiki.org/wiki/Manual:External_editors)
Now, external editing is broken I and I suspect that this is related to (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to be submitted along with the user name and password. Patch by Roan Kattouw.
Any ideas on what I could/should do to get TRUE external editing back ? I don't mind installing stuff. I am not much of a programmer/sysadmin, but I can read :)
You are right. Where it is doing: $response=$browser->post($login_url,@ns_headers, Content=>[wpName=>$username,wpPassword=>$password,wpRemember=>"1",wpLoginAttempt=>"Log in"]); it should be fetching a login token, and then using it to send the password.
I also see many outdated methods, like the fake user agent or extracting items from the page source instead of using the api (which didn't exist when it was created).
Is anyone proficient in Perl here?
I filed bugs 23764 and 23765 to keep track of it.
Thanx :)
Let's hope that someone who knows Perl is motivated (I am not a developer and don't speak Perl). I also noticed that the original author, Erik Moeller, is now a deputy director of Wikipedia and he might care about his original baby or maybe know someone who does :)
Anyhow, more fundamentally speaking, it would be really good to have this feature again. So here is some motivational speak: I understand that most wikipedia authors rather do smaller edits and for this purpose a through-the-web editor is fine. Other mediawiki sites (include wikimedia places like wikibooks or wikiversity) do have users that intensively work on several long pages at the same time and who are able to get a maximum out of a programming editor like emacs or Jedit, Eclipse or whatever .... I sometimes spend days in row writing and organizing and this feature really helped. Installing ee.pl wasn't difficult at all under Ubuntu :)
I found the following patch for another Perl library: http://us.generation-nt.com/answer/bug-578691-libmediawiki-perl-security-upd...
I suppose one could just copy the relevant login code to ee.pl.
There's also a whole bunch of MediaWiki related Perl modules which should provide the necessary functionality, e.g. MediaWiki::API:
http://search.cpan.org/~exobuzz/MediaWiki-API-0.30/lib/MediaWiki/API.pm#Medi...
Those modules look like they would make a rewrite of the extension much easier.
hth Frank
Daniel K. Schneider wrote:
Platonides wrote:
I filed bugs 23764 and 23765 to keep track of it.
Thanx :)
Let's hope that someone who knows Perl is motivated (I am not a developer and don't speak Perl). I also noticed that the original author, Erik Moeller, is now a deputy director of Wikipedia and he might care about his original baby or maybe know someone who does :)
Anyhow, more fundamentally speaking, it would be really good to have this feature again. So here is some motivational speak: I understand that most wikipedia authors rather do smaller edits and for this purpose a through-the-web editor is fine. Other mediawiki sites (include wikimedia places like wikibooks or wikiversity) do have users that intensively work on several long pages at the same time and who are able to get a maximum out of a programming editor like emacs or Jedit, Eclipse or whatever .... I sometimes spend days in row writing and organizing and this feature really helped. Installing ee.pl wasn't difficult at all under Ubuntu :)
Bawolff has fixed it in r72770. Replace your ee.pl with the one from http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/ee/ee.pl?view=co
mediawiki-l@lists.wikimedia.org